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Amendments to the Claims: 

This listing of claims replaces all prior versions and listings of claims in the application: 



1-20. (Cancelled) 

21 . (Currently Amended) A method for authenticating a user for access to at least two 
entities of a data transmission network via by m e ans of a terminal, each data entity having an 
associated authentication device, the authentication devices being independent of each othe r, the 

a random number is transmitted to the terminal, 

data for authenticating the user to the two entities of the network is calculated 
using at least one predefined cryptographic algorithm applied to the random number received 
and at least one secret key specific to the user, 

the terminal inserts, in an access request, data for identifying the user to said two 
entities of the network and the calculated authentication data, and transmits the access request to 
an access controller, wherein the inserted data for authenticating the user comprises a distinct set 
of data for each of the two entities; 

the access controller transmits, to each of the authentication devices for the two 
entities, a respective authentication request containing the identification data and the distinct set 
of inserted data for authenticating the user to the respective entity of the network, contained in 
the access request, 

the authentication devices servers of the entities carry out a user authentication 
procedure, on the basis of user identification and authentication data, contained in the 
authentication requests, and 



Applicant : Transyetal. Attorney's Docket No.: 18394- 

SerialNo. : 10/565,571 0017US1 / RVL/PA61423US 

Filed : August 2, 2006 
Page : 3 of 11 

authentication reports containing results of the authentication procedures carried 
out by the authentication devices s e rv e rs of each of said two network entities are transmitted to 
the terminal. 

22. (Currently Amended) The method according to claim 21 , characterized in that it 
includes a preliminary step in which the terminal establishes a connection with a specialized 
server via by moans of the network, wherein the random number is generated and transmitted to 
the terminal by the specialized server when the connection has been established. 

23. (Currently Amended) The method according to claim 22, characterized in that the 
access request transmitted by the terminal is transmitted to the specialized server which inserts 
therein the random number used to calculate the authentication data, the access request is then 
transmitted to the access controller which inserts the random number into the authentication 
requests transmitted to the authentication devices for the two entities. 

24. (Previously presented) The method according to claim 2 1 , characterized in that the 
identification data inserted into the access request is in the form: "IdA@DomainA" in which: 

"IdA" represents the identifier for identifying the user to the network entity, 
"DomainA" represents the identifier of the network entity in the network, with the 
access controller determining the entities to whom the authentication requests will be transmitted 
on the basis of the "DomainA" identifiers of the network entity contained in the access request. 

25. (Currently Amended) A user terminal capable of accessing, via by means of the 
access network, at least two entities connected to a data transmission network , each data entity 
having an associated authentication device, the authentication devices being independent of each 
other : 

characterized in that it includes: 

a transmitting apparatus that transmits means fo r transmitting access requests to 
the authentication devices for at least two entities of the network, which requests contain data for 
identifying and authenticating the user to the network entity and each request being distinct; 
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a receiving apparatus that receives means for reooiving a random number when a 
connection with the network is established, a cryptographic calculating apparatus that applies 
m e ans for applying at least one predefined cryptographic algorithm to the random number 
received so as to obtain data for authenticating the user to at least two entities of the network, 
and inserting apparatus that inserts means for ins er ting , into each transmitted access request, data 
for identifying the user to each network entity and the calculated authentication data, wherein the 
calculated authentication data comprises a distinct set of authentication data for each entity. 

26. (Currently Amended) The terminal according to claim 25, characterized in that it 
includes an external module designed to be connected to each of the user terminals and including 
a receiving apparatus that receives means for receiving the random number from the terminal to 
which it is connected, a cryptographic calculation apparatus that executes means for e x e cuting 
the predefined cryptographic algorithm based on the random number, and for transmitting, to the 
terminal, at least one data item for authenticating the user to an entity of the network, obtained 
by the cryptographic calculations. 

27. (Currently Amended) An access controller, characterized in that it includes a 
receiving apparatus that receives m e ans for r e c e iving a request for access to at least two entities 
of a data transmission network coming from a user terminal and transmitted via said network, an 
extracting apparatus that extracts m e ans for e xtracting , from the access request, the data for 
identifying and authenticating the user to at least two network entities , each network entity 
having an associated authentication device, the authentication devices being independent of each 
other , wherein the data for authenticating the user to at least two network entities comprises a 
distinct set of data for each of the network entities, a transmitting apparatus that transmits m e ans 
for transmitting , to each of the authentication devices for the two entities, a respective 
authentication request containing the data for identifying and authenticating the user to a 
respective one of the two entities, contained in the access request. 



28. (Currently Amended) The access controller according to claim 27, characterized in 
that it also includes a receiving apparatus that receives means for receiving user authentication 
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reports, transmitted by the entities in response to the authentication requests, and a transmitting 
apparatus that transmits m e an s for tran s mitting , to the user terminal, and authentication report 
based on the reports received from the entities. 



29. (Currently Amended) A system for authenticating a user in an attempt to access at 
least two entities of a data transmission network to which network entities are connected, and 
which user terminals can access via by m e ans of access networks, characterized in that it 
includes: 

a user terminal characterized in that it includes: 

a transmitting a pparatus that transmits m e ans for transmitting access requests to 
an entity of the network, which requests contain data for identifying and authenticating the user 
to the network entity; and 

a receiving apparatus that receives m e ans for r e c e iving a random number when a 
connection with the network is established, a^cryptographic calculating apparatus that a pplies 
moan a for applying at least one predefined cryptographic algorithm to the random number 
received so as to obtain data for authenticating the user to at least two entities of the network, 
and an inserting apparatus that inserts means for ins e rting , into each transmitted access request, 
data for identifying the user to two network entities and the calculated authentication data,, 
wherein the calculated authentication data comprises a distinct set of data for each of the network 

at least one authentication server for each of the two network entities, designed to 
identify and authenticate the users on the basis of identification and authentication data contained 
in the access requests received , the authentication devices being inde pendent of each other ; 

an access controller characterized in that it includes a receiving apparatus that 
receives m e ans for rec e iving requests for access to at least two entities of the data transmission 
network coming from user terminals and transmitted via said network, an extracting apparatus 
that extracts m e ans for e xtracting , from each of the access requests, the data for identifying and 
authenticating the user to at least two network entities, a transmitting apparatus that transmits 
m e ans for transmitting , to each of the two entities, a respective authentication request containing 
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the data for identifying and authenticating the user to the two entities, contained in the access 
request. 

30. (Currently Amended) The system according to claim 29, characterized in that it also 
includes a specialized server connected to the network so as to be connected to the user 
terminals when a connection has been established between the terminal and the network, wherein 
the specialized server includes a generating and transmitting apparatus that generates and 
transmits m e ans for gen e rating and tran s mitting a random number to each of the terminals with 
which a connection is established, and an inserting apparatus that inserts m e ans for ins e rting the 
random number into each of the access requests transmitted by the terminals. 

3 1 . (Currently Amended) The system according to claim 29, characterized in that each 
entity of the network includes a storing apparatus that stores moano for otoring secret keys of 
users, a determining apparatus that determines means for d e termining the data for authenticating 
the user to the entity by applying the predefined algorithm to the random number received in a 
authentication request and to the secret user key, and that compares for oomparing the result 
obtained to the user authentication data received in the authentication request, wherein the user is 
properly authenticated by the entity only if the result of the cryptographic calculation obtained is 
identical to the authentication data contained in the authentication request. 



